{"url":"http://public2.vulnerablecode.io/api/packages/211667?format=json","purl":"pkg:deb/debian/wlc@1.17.2-1?distro=trixie","type":"deb","namespace":"debian","name":"wlc","version":"1.17.2-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.0.0-1","latest_non_vulnerable_version":"2.0.0-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22156?format=json","vulnerability_id":"VCID-9s62-8ytz-6fgs","summary":"Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command\nMulti-translation download could write to an arbitrary location when instructed by a crafted server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23535","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05193","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23535"},{"reference_url":"https://github.com/WeblateOrg/wlc","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/wlc"},{"reference_url":"https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T19:20:47Z/"}],"url":"https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f"},{"reference_url":"https://github.com/WeblateOrg/wlc/pull/1128","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T19:20:47Z/"}],"url":"https://github.com/WeblateOrg/wlc/pull/1128"},{"reference_url":"https://github.com/WeblateOrg/wlc/releases/tag/1.17.2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T19:20:47Z/"}],"url":"https://github.com/WeblateOrg/wlc/releases/tag/1.17.2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125755","reference_id":"1125755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125755"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23535","reference_id":"CVE-2026-23535","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23535"},{"reference_url":"https://github.com/advisories/GHSA-mmwx-79f6-67jg","reference_id":"GHSA-mmwx-79f6-67jg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmwx-79f6-67jg"},{"reference_url":"https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg","reference_id":"GHSA-mmwx-79f6-67jg","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T19:20:47Z/"}],"url":"https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/211667?format=json","purl":"pkg:deb/debian/wlc@1.17.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wlc@1.17.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/211666?format=json","purl":"pkg:deb/debian/wlc@2.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wlc@2.0.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-23535","GHSA-mmwx-79f6-67jg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9s62-8ytz-6fgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22073?format=json","vulnerability_id":"VCID-9vwj-87p8-vfe9","summary":"Weblate wlc has insecure API key configuration\nHistorically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against different server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22251","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00382","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22251"},{"reference_url":"https://github.com/WeblateOrg/wlc","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/wlc"},{"reference_url":"https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:43:08Z/"}],"url":"https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797"},{"reference_url":"https://github.com/WeblateOrg/wlc/pull/1098","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:43:08Z/"}],"url":"https://github.com/WeblateOrg/wlc/pull/1098"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125441","reference_id":"1125441","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22251","reference_id":"CVE-2026-22251","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22251"},{"reference_url":"https://github.com/advisories/GHSA-9rp8-h4g8-8766","reference_id":"GHSA-9rp8-h4g8-8766","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9rp8-h4g8-8766"},{"reference_url":"https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766","reference_id":"GHSA-9rp8-h4g8-8766","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:43:08Z/"}],"url":"https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766"},{"reference_url":"https://usn.ubuntu.com/7981-1/","reference_id":"USN-7981-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7981-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/211667?format=json","purl":"pkg:deb/debian/wlc@1.17.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wlc@1.17.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/211666?format=json","purl":"pkg:deb/debian/wlc@2.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wlc@2.0.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-22251","GHSA-9rp8-h4g8-8766"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vwj-87p8-vfe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22070?format=json","vulnerability_id":"VCID-h3mh-b457-cbad","summary":"Weblate command-line client susceptible to SSL verification skip\nThe SSL verification would be skipped for some crafted URLs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22250","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00314","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22250"},{"reference_url":"https://github.com/WeblateOrg/wlc","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/WeblateOrg/wlc"},{"reference_url":"https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:05:29Z/"}],"url":"https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3"},{"reference_url":"https://github.com/WeblateOrg/wlc/pull/1097","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:05:29Z/"}],"url":"https://github.com/WeblateOrg/wlc/pull/1097"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125440","reference_id":"1125440","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125440"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22250","reference_id":"CVE-2026-22250","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22250"},{"reference_url":"https://github.com/advisories/GHSA-2mmv-7rrp-g8xh","reference_id":"GHSA-2mmv-7rrp-g8xh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mmv-7rrp-g8xh"},{"reference_url":"https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh","reference_id":"GHSA-2mmv-7rrp-g8xh","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:05:29Z/"}],"url":"https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh"},{"reference_url":"https://usn.ubuntu.com/7981-1/","reference_id":"USN-7981-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7981-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/211667?format=json","purl":"pkg:deb/debian/wlc@1.17.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wlc@1.17.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/211666?format=json","purl":"pkg:deb/debian/wlc@2.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wlc@2.0.0-1%3Fdistro=trixie"}],"aliases":["CVE-2026-22250","GHSA-2mmv-7rrp-g8xh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3mh-b457-cbad"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wlc@1.17.2-1%3Fdistro=trixie"}